PT-2023-32705 · Software Ag · Software Ag Webmethods

Mohammedhashayka · Published 2023-12-07 · Updated 2024-05-17 · CVE-2023-6578

CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Software AG WebMethods versions 10.11.x through 10.15.x
Description: A critical vulnerability has been found that leads to improper access control. The issue can be exploited remotely, and the insufficient access control appears to depend on referrer header data. By manipulating access to certain paths, such as /assets/, an attacker may be able to bypass authentication and access sensitive information, including internal IPs, ports, and versions, by visiting /invoke/wm.server/connect. In some cases, requesting a wrong value, like /assets/x, and then returning to /assets/ may also reveal the requested data.
Recommendations: For Software AG WebMethods versions 10.11.x through 10.15.x, consider restricting access to the wm.server/connect/ file and the /assets/ directory until a patch is available. As a temporary workaround, restrict access to the /invoke/wm.server/connect endpoint to minimize the risk of exploitation. Additionally, review and strengthen access controls based on referrer header data to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
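While the workaround is in place, access logs can be monitored for the two behaviours the description names: a 2xx on /invoke/wm.server/connect served to a client with no authenticated user, and a /assets/ request that follows a 404 probe under /assets/ from the same client. The script below is an added example and is not code from Positive Technologies or Software AG; it assumes Apache/nginx "combined" log format and uses constructed sample lines.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [07/Dec/2023:10:00:01 +0000] "GET /invoke/wm.server/connect HTTP/1.1" 200 2048 "https://wm.example.internal/WmRoot/" "Mozilla/5.0"
10.0.0.7 - - [07/Dec/2023:10:00:02 +0000] "GET /assets/x HTTP/1.1" 404 120 "-" "Mozilla/5.0"
10.0.0.7 - - [07/Dec/2023:10:00:03 +0000] "GET /assets/ HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
10.0.0.7 - - [07/Dec/2023:10:00:04 +0000] "GET /invoke/wm.server/connect HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [07/Dec/2023:10:00:05 +0000] "GET /invoke/wm.server/connect HTTP/1.1" 401 0 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

SENSITIVE = "/invoke/wm.server/connect"   # endpoint named in the advisory


def parse(line):
    """Return the fields of one combined-format line as a dict, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(log_text):
    """Return (client_ip, reason) findings for the two patterns described above."""
    findings = []
    saw_assets_404 = defaultdict(bool)   # client ip -> 404 seen under /assets/
    for raw in log_text.splitlines():
        rec = parse(raw)
        if rec is None:
            continue
        ip, path, status = rec["ip"], rec["path"], int(rec["status"])
        # 1. Sensitive endpoint served (2xx) with no authenticated user in the log.
        if path == SENSITIVE and 200 <= status < 300 and rec["user"] == "-":
            findings.append((ip, f"unauthenticated 2xx on {SENSITIVE}, referer={rec['referer']}"))
        # 2. Probe of a missing /assets/ object, then /assets/ itself, same client.
        if path.startswith("/assets/") and status == 404:
            saw_assets_404[ip] = True
        elif path == "/assets/" and saw_assets_404[ip]:
            findings.append((ip, "/assets/ requested after a 404 probe under /assets/"))
            saw_assets_404[ip] = False
    return findings


if __name__ == "__main__":
    for ip, reason in detect(SAMPLE_LOG):
        print(ip, reason)
```

The authenticated-user field is only populated when the reverse proxy or server records it, so treat a "-" as "no user recorded" and confirm against application-side authentication logs.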

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2023-6578

Affected Products: Software Ag Webmethods